pegasus/src/Pegasus/Common/SocketzOS_inline.h - diff

Return to SocketzOS_inline.h CVS log

Up to [Pegasus] / pegasus / src / Pegasus / Common

Diff for /pegasus/src/Pegasus/Common/SocketzOS_inline.h between version 1.10 and 1.18

version 1.10, 2006/10/06 17:26:23

version 1.18, 2007/08/22 07:43:37

Line 27

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//==============================================================================

//%/////////////////////////////////////////////////////////////////////////////

#ifndef SocketzOS_inline_h

#define SocketzOS_inline_h

#include <Pegasus/Common/Logger.h>

#include <Pegasus/Common/AuthenticationInfo.h>

#include <sys/ioctl.h>

#include <net/rtrouteh.h>

#include <net/if.h>

Line 43

Line 47

MP_Socket::MP_Socket(SocketHandle socket)

: _socket(socket), _isSecure(false),

_userAuthenticated(false)

_userAuthenticated(false),

_socketWriteTimeout(PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS)

{

_username[0]=0;

}

Line 51

Line 56

MP_Socket::MP_Socket(

SocketHandle socket,

SSLContext * sslcontext,

ReadWriteSem * sslContextObjectLock)

ReadWriteSem * sslContextObjectLock,

const String& ipAddress)

: _socket(socket),

_userAuthenticated(false)

_userAuthenticated(false),

_socketWriteTimeout(PEGASUS_DEFAULT_SOCKETWRITE_TIMEOUT_SECONDS)

{

PEG_METHOD_ENTER(TRC_SSL, "MP_Socket::MP_Socket()");

_username[0]=0;

Line 70

Line 77

int MP_Socket::ATTLS_zOS_query()

{

struct TTLS_IOCTL ioc; // ioctl data structure

// ioctl data structure

struct TTLS_IOCTL ioc;

int rcIoctl;

int errnoIoctl;

int errno2Ioctl;

PEG_METHOD_ENTER(TRC_SSL, "ATTLS_zOS_query()");

memset(&ioc,0,sizeof(ioc)); // clean the structure

// clean the structure

ioc.TTLSi_Ver = TTLS_VERSION1; // set used version of structure

memset(&ioc,0,sizeof(ioc));

ioc.TTLSi_Req_Type = TTLS_QUERY_ONLY; // initialize for query only

// set used version of structure

ioc.TTLSi_BufferPtr = NULL; // no buffer for the certificate

ioc.TTLSi_Ver = TTLS_VERSION1;

ioc.TTLSi_BufferLen = 0; // will not use it

// initialize for query only

ioc.TTLSi_Req_Type = TTLS_QUERY_ONLY;

// no buffer for the certificate

ioc.TTLSi_BufferPtr = NULL;

// will not use it

ioc.TTLSi_BufferLen = 0;

rcIoctl = ioctl(_socket,SIOCTTLSCTL,(char *)&ioc);

errnoIoctl = errno;

Line 94

Line 107

case(EINPROGRESS):

case(EWOULDBLOCK):

{

PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending (EWB).");

PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,

return 0; // accept pending

"Accept pending (EWB).");

// accept pending

return 0;

}

case(ECONNRESET):

{

Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

Logger::put_l(

Logger::STANDARD_LOG, System::CIMSERVER,

Logger::INFORMATION,

"Pegasus.Common.SocketzOS_inline.CONNECTION_RESET_ERROR",

"ATTLS reset the connection due to handshake failure. \

"ATTLS reset the connection due to handshake failure. "

Connection closed.");

"Connection closed.");

PEG_METHOD_EXIT();

return -1;

}

Line 110

Line 127

{

char str_errno2[10];

sprintf(str_errno2,"%08X",errno2Ioctl);

Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

Logger::put_l(

Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

"Pegasus.Common.SocketzOS_inline.UNEXPECTED_ERROR",

"An unexpected error occurs: $0 ( errno $1, reason code 0x$2 ). \

"An unexpected error occurs: $0 ( errno $1, reason "

Connection closed."

"code 0x$2 ). Connection closed.",

,strerror(errnoIoctl),errnoIoctl,str_errno2);

strerror(errnoIoctl),

errnoIoctl,

str_errno2);

PEG_METHOD_EXIT();

return -1;

}

} // end switch(errnoIoctl)

} // -1 ioctl()

Line 130

Line 149

case(TTLS_POL_NO_POLICY):

case(TTLS_POL_NOT_ENABLED):

{

Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

Logger::put_l(

Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

"Pegasus.Common.SocketzOS_inline.POLICY_NOT_ENABLED",

"ATTLS policy is not aktive for the CIM Server HTTPS port. \

"ATTLS policy is not aktive for the CIM Server HTTPS port. "

Communication not secured. Connection closed.");

"Communication not secured. Connection closed.");

PEG_METHOD_EXIT();

return -1;

}

case(TTLS_POL_ENABLED):

{

break; // a policy exists so it is ensured that a secured connectio will be established

// a policy exists so it is ensured that a secured connection will

// be established

break;

}

case(TTLS_POL_APPLCNTRL):

{

Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

Logger::put_l(

Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

"Pegasus.Common.SocketzOS_inline.APPLCNTRL",

"ATTLS policy not valid for CIM Server. \

"ATTLS policy not valid for CIM Server. "

Set ApplicationControlled to OFF. Connection closed.");

"Set ApplicationControlled to OFF. Connection closed.");

PEG_METHOD_EXIT();

return -1;

}

} // end switch(ioc.TTLSi_Stat_Policy)

Line 161

Line 183

case(TTLS_CONN_HS_INPROGRESS):

{

// the SSL handshake has not been finished yet, try late again.

PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending.");

PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4, "---> Accept pending.");

return 0;

}

case(TTLS_CONN_SECURE):

{

break; // the connection is secure

// the connection is secure

break;

}

Line 178

Line 201

case(TTLS_SEC_UNKNOWN):

case(TTLS_SEC_CLIENT):

{

Logger::put_l(Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

Logger::put_l(

Logger::ERROR_LOG, System::CIMSERVER, Logger::SEVERE,

"Pegasus.Common.SocketzOS_inline.WRONG_ROLE",

"ATTLS policy specifies the wrong HandshakeRole for the CIM Server HTTPS port. \

"ATTLS policy specifies the wrong HandshakeRole for the "

Communication not secured. Connection closed.");

"CIM Server HTTPS port. Communication not secured. "

"Connection closed.");

PEG_METHOD_EXIT();

return -1;

Line 192

Line 217

case(TTLS_SEC_SRV_CA_FULL):

case(TTLS_SEC_SRV_CA_REQD):

{

PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,

PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,

"---> ATTLS Securtiy Type is valid but no SAFCHK.");

"ATTLS Security Type is valid but no SAFCHK.");

PEG_METHOD_EXIT();

return 1;

}

Line 201

Line 226

case(TTLS_SEC_SRV_CA_SAFCHK):

{

_userAuthenticated=true;

_authType=AuthenticationInfoRep::AUTH_TYPE_ZOS_ATTLS;

memcpy(_username,ioc.TTLSi_UserID,ioc.TTLSi_UserID_Len);

_username[ioc.TTLSi_UserID_Len]=0; // null terminated string

__etoa(_username); // the user name is in EBCDIC !

__e2a_s(_username); // the user name is in EBCDIC!

PEG_TRACE((TRC_SSL, Tracer::LEVEL2,

"---> ATTLS Securtiy Type is SAFCHK. Resolved user ID \'%s\'",_username));

"ATTLS Security Type is SAFCHK. Resolved user ID \'%s\'",

_username));

PEG_METHOD_EXIT();

return 1;

}

} // end switch(ioc.TTLSi_Sec_Type)

// This should never be reached

PEG_TRACE_STRING(TRC_SSL, Tracer::LEVEL4,

PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,

"---> Never reach this! New/wrong return value of ioctl().");

"Received unexpected return value of ioctl(SIOCTTLSCTL).");

PEG_METHOD_EXIT();

return -1;

} // end ATTLS_zOS_Query

int MP_Socket::LocalSocket_zOS_query()

{

// This function is only available in z/OS 1.8 and greater

#if (__TARGET_LIB__ >= 0x41080000)

struct __sect_s ioSec;

int rcIoctl;

int errnoIoctl;

int errno2Ioctl;

PEG_METHOD_ENTER(TRC_SSL, "LocalSocket_zOS_query()");

// clean the structure

memset(&ioSec,0,sizeof(ioSec));

// Query the local socket for security information.

rcIoctl = ioctl(_socket,SECIGET_T,(char *)&ioSec);

errnoIoctl = errno;

errno2Ioctl =__errno2();

// If an error occures, the error is written to the trace

// but the function will successfully return.

if (rcIoctl < 0)

{

switch (errnoIoctl)

{

case(EBADF):

{

PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,

"Not a valid socket descriptor for "

"query local authentication.");

break;

}

case(EINVAL):

{

PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,

"The local authentication request is not valid"

" or not supported on this socket.");

break;

}

case(ENODEV):

{

PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,

"Not a local socket descriptor.");

break;

}

default:

{

PEG_TRACE((TRC_SSL, Tracer::LEVEL4,

"An unexpected error occurs: %s ( errno $d, reason code "

"0x%08X ). ",

strerror(errnoIoctl),

errnoIoctl,

errno2Ioctl));

break;

} // end default

} // end switch errnoIoctl

PEG_METHOD_EXIT();

return 1;

} // if rcIoctl < 0

// Is client task level security information available ?

if (ioSec.__sectt_useridlen != 0)

{

_userAuthenticated=true;

_authType=AuthenticationInfoRep::AUTH_TYPE_ZOS_LOCAL_DOMIAN_SOCKET;

memcpy(_username,ioSec.__sectt_userid,ioSec.__sectt_useridlen);

// null terminated string

_username[ioSec.__sectt_useridlen]=0;

// the user name is in EBCDIC!

__e2a_s(_username);

PEG_TRACE((TRC_SSL, Tracer::LEVEL2,

"Local Socket authentication. Resolved task level user ID \'%s\'",

_username));

PEG_METHOD_EXIT();

return 1;

}

// Is client process level security information available ?

if (ioSec.__sectp_useridlen != 0)

{

_userAuthenticated=true;

_authType=AuthenticationInfoRep::AUTH_TYPE_ZOS_LOCAL_DOMIAN_SOCKET;

memcpy(_username,ioSec.__sectp_userid,ioSec.__sectp_useridlen);

// null terminated string

_username[ioSec.__sectp_useridlen]=0;

// the user name is in EBCDIC!

__e2a_s(_username);

PEG_TRACE((TRC_SSL, Tracer::LEVEL2,

"Local Socket authentication. "

"Resolved process level user ID \'%s\'",

_username));

PEG_METHOD_EXIT();

return 1;

}

// This should never be reached

PEG_TRACE_CSTRING(TRC_SSL, Tracer::LEVEL4,

"Received unexpected return value of ioctl(SECIGET_T).");

PEG_METHOD_EXIT();

return -1;

#else

return 1;

#endif // (__TARGET_LIB__ >= 0x41080000)

}

PEGASUS_NAMESPACE_END

#endif

Legend:

Removed from v.1.10
changed lines
	Added in v.1.18

No CVS admin address has been configured